Activity log for bug #1758672
| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2018-03-25 14:16:59 | Spyros Trigazis | bug | added bug | ||
| 2018-03-25 14:19:45 | Spyros Trigazis | description | In kubernetes kubelet listens to 10250 and allows anonymous auth by default. We need to: * disable anonymous auth * enable webhook auth with certs and with token for service accounts that have the proper roles. For an even more secure configuration we can: * close cadvisor port * close read-only-port Only the healthz port of kube-proxy will be open in worker nodes (10256). | In kubernetes kubelet listens to 10250 and allows anonymous auth by default. We need to: * disable anonymous auth * enable webhook auth with certs and with token for service accounts that have the proper roles. * https://kubernetes.io/docs/admin/kubelet-authentication-authorization/ For an even more secure configuration we can: * close cadvisor port * close read-only-port Only the healthz port of kube-proxy will be open in worker nodes (10256). | |
| 2018-03-25 14:19:50 | Spyros Trigazis | magnum: assignee | Spyros Trigazis (strigazi) | ||
| 2018-03-25 14:19:54 | Spyros Trigazis | magnum: importance | Undecided | Critical | |
| 2018-03-25 14:20:09 | Spyros Trigazis | nominated for series | magnum/ocata | ||
| 2018-03-25 14:20:09 | Spyros Trigazis | bug task added | magnum/ocata | ||
| 2018-03-25 14:20:09 | Spyros Trigazis | nominated for series | magnum/rocky | ||
| 2018-03-25 14:20:09 | Spyros Trigazis | bug task added | magnum/rocky | ||
| 2018-03-25 14:20:09 | Spyros Trigazis | nominated for series | magnum/queens | ||
| 2018-03-25 14:20:09 | Spyros Trigazis | bug task added | magnum/queens | ||
| 2018-03-25 14:20:15 | Spyros Trigazis | magnum/queens: importance | Undecided | Critical | |
| 2018-03-25 14:20:18 | Spyros Trigazis | magnum/ocata: importance | Undecided | Critical | |
| 2018-03-25 14:20:21 | Spyros Trigazis | magnum/queens: assignee | Spyros Trigazis (strigazi) | ||
| 2018-03-25 14:20:24 | Spyros Trigazis | magnum/ocata: assignee | Spyros Trigazis (strigazi) | ||
| 2018-03-25 14:20:33 | Spyros Trigazis | magnum/rocky: status | New | In Progress | |
| 2018-03-25 14:20:37 | Spyros Trigazis | magnum/queens: status | New | In Progress | |
| 2018-03-25 14:20:40 | Spyros Trigazis | magnum/ocata: status | New | In Progress | |
| 2018-03-25 16:05:59 | Spyros Trigazis | nominated for series | magnum/pike | ||
| 2018-03-25 16:05:59 | Spyros Trigazis | bug task added | magnum/pike | ||
| 2018-03-25 16:06:07 | Spyros Trigazis | magnum/pike: status | New | In Progress | |
| 2018-03-25 16:06:11 | Spyros Trigazis | magnum/pike: importance | Undecided | Critical | |
| 2018-03-25 16:06:14 | Spyros Trigazis | magnum/pike: assignee | Spyros Trigazis (strigazi) | ||
| 2018-03-30 12:25:14 | OpenStack Infra | magnum: status | In Progress | Fix Released | |
| 2018-03-30 15:07:54 | OpenStack Infra | magnum/queens: status | In Progress | Fix Committed |
